Lucene search
Ubuntu.comUB:CVE-2013-1665HistoryFeb 19, 2013 - 12:00 a.m.
CVE-2013-1665
2013-02-1900:00:00
ubuntu.com
ubuntu.com
13
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in
OpenStack Keystone Essex and Folsom, Django, and possibly other products
allow remote attackers to read arbitrary files via an XML external entity
declaration in conjunction with an entity reference, aka an XML External
Entity (XXE) attack.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 12.04 | noarch | keystone | < 2012.1+stable~20120824-a16a0ab9-0ubuntu2.5 | UNKNOWN |
| ubuntu | 12.10 | noarch | keystone | < 2012.2.1-0ubuntu1.2 | UNKNOWN |
| ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.8 | UNKNOWN |
| ubuntu | 11.10 | noarch | python-django | < 1.3-2ubuntu1.6 | UNKNOWN |
| ubuntu | 12.04 | noarch | python-django | < 1.3.1-4ubuntu1.6 | UNKNOWN |
| ubuntu | 12.10 | noarch | python-django | < 1.4.1-2ubuntu0.3 | UNKNOWN |
Related
prion
prion
cve
cve
debiancve
debiancve
CVE-2013-1665
2013-04-03 00:55:00
redhat
redhat
veracode
veracode
XML External Entity (XXE)
2019-05-02 04:44:12
Denial Of Service (DoS)
2019-05-02 04:48:39
Denial Of Service (DoS)
2019-05-02 04:48:40
nessus
nessus
Fedora 18 : openstack-keystone-2012.2.3-3.fc18 (2013-2916)
2013-03-05 00:00:00
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1730-1)
2013-02-21 00:00:00
Debian DSA-2634-1 : python-django - several vulnerabilities
2013-02-27 00:00:00
openvas
openvas
Ubuntu Update for keystone USN-1730-1
2013-02-22 00:00:00
Ubuntu: Security Advisory (USN-1730-1)
2013-02-22 00:00:00
Debian: Security Advisory (DSA-2634-1)
2013-02-26 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2013-02-20 00:00:00
Django vulnerabilities
2013-03-07 00:00:00
securityvulns
securityvulns
[USN-1730-1] OpenStack Keystone vulnerabilities
2013-02-24 00:00:00
[SECURITY] [DSA 2634-1] python-django security update
2013-03-03 00:00:00
osv
osv
python-django - several vulnerabilities
2013-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-3.fc18
2013-03-04 22:39:17
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-5.fc18
2013-04-08 22:52:02
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18
2013-05-22 01:29:47
debian
debian
[SECURITY] [DSA 2634-1] python-django security update
2013-02-26 23:58:40
freebsd
freebsd
django -- multiple vulnerabilities
2013-02-21 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%
Related for UB:CVE-2013-1665